john_991
asked on
Mail sent from non users received by users on same domain Exchange 2003
I'm receiving a lot of spam from non users on my domain addressed to valid users.
I'm running Exchange 2003 with the latest service pack along with Mail Essentials from GFI.
Other spam is being blocked properly.
Any ideas why this is happening?
Thanks
Just to clarify. Are you receiving mail from your own domain with fake user names?
ASKER
Yes, sent by fake users with the same domain name addressed to users who are on the domain.
i.e. Sent from abc@ere.com who is not on the domain addressed to xyz@ere.com who is on the domain.
This will be spoofing performed by spambots external to your organisation marking the sender field with your SMTP address. It is likely that your spam filtering solution has an exception for your domain name which you should remove to address this issue.
You're being spoofed. You should contact your ISP about adding an SPF record to your DNS entries.
This will be helpful in the process. Most ISPs will require you to submit what you want the DNS entry to be.
http://www.openspf.org/
Just a heads up. If you are being spoofed it is possible other people than the people in your domain may be receiving these spoofed e-mails as well.
ASKER
I have this already in my DNS server (SPF record):
ere.com. 60 IN TXT "v=spf1 a ~all"
Any other ideas?
To clarify: In "your" DNS server? Do you mean in your internal DNS (.local, etc) or public (.com, etc)?
Also, check out one of the e-mails' headers to see where it actually came from. It is possible that you have a client with a spam-bot doing this.
ASKER
It's in the external DNS server. (my hosting company's DNS server)
Will look at the header soon.
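The two checks discussed in this thread (reading a message's headers for its real origin, and evaluating the SPF record `v=spf1 a ~all` against that origin), as an added example that is not part of the original thread. The sample message, the IP addresses and the A-record value are constructed, the function names are hypothetical, and only the `a`, `ip4` and `all` mechanisms are handled.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Constructed sample: own-domain sender relayed from an outside address.
SAMPLE = (
    "Received: from pc123 (unknown [203.0.113.45])\n"
    "\tby mail.ere.com with SMTP; Mon, 1 Jan 2007 10:00:00 +0000\n"
    "From: abc@ere.com\nTo: xyz@ere.com\nSubject: constructed sample\n\nbody\n"
)

def spf_result(record, client_ip, a_records):
    """Evaluate an SPF subset (a, ip4:, all); a_records is passed in so this runs offline."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = ip in {ipaddress.ip_address(a) for a in a_records}
        elif mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            continue  # mechanism outside this simplified subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def check_message(raw, our_domain, record, a_records):
    """Return (from_domain, connecting_ip, spf_result, suspicious)."""
    msg = email.message_from_string(raw)
    # Assumption: envelope sender equals header From (SPF checks MAIL FROM).
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # The topmost Received header is the one stamped by our own server.
    received = (msg.get_all("Received") or [""])[0]
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    client_ip = m.group(1) if m else None
    result = spf_result(record, client_ip, a_records) if client_ip else "none"
    suspicious = from_domain == our_domain.lower() and result != "pass"
    return from_domain, client_ip, result, suspicious

if __name__ == "__main__":
    print(check_message(SAMPLE, "ere.com", "v=spf1 a ~all", ["198.51.100.10"]))
```

With the record from the thread, the constructed spoofed message evaluates to softfail rather than fail, so whether it is blocked depends on how the receiving filter treats a softfail result.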